Skip to content

Release proposal: v5.5.1 (Stable)

Rodrigo Muino Tomonari requested to merge v5.5.1-proposal into v5.x

Security release, to go out ~ Tuesday, the 9th of February, 11pm UTC with releases across all active lines as per https://groups.google.com/d/msg/nodejs-sec/G8IA0G4uA88/So3Cw84YDwAJ.

Pending additions being worked on by the security team. We'll get everything else ready here and finish it off in our private repo. Still needs "Notable items" filled out. Either myself or @jasnell will handle this release. I'm doing v0.10 and v0.12, @jasnell is doing v4 and was slated for v5 but we may switch that up depending our workloads finalising the security fixes.

Because this is not an LTS line this release is not restricted to security+build changes as we are doing with v0.10, v0.12 and v4. However, I've opted to keep semver-minor changes out of this so we can get away with a patch-level bump, see below for a list of changes left out. Unfortunately, because we haven't had a release in ~20 days the backlog is kind of large even with just semver-patch changes.

  • [3b6283c163] - benchmark: add a constant declaration for net (Minwoo Jung) #3950
  • [d64e6e0112] - buffer: remove duplicated code in fromObject (HUANG Wei) #4948
  • [58d67e26a2] - buffer: validate list elements in Buffer.concat (Michaël Zasso) #4951
  • [bafc86f00e] - buffer: refactor redeclared variables (Rich Trott) #4886
  • [0fa4d90b94] - build: Add VARIATION variable to binary target (Stefan Budeanu) #4631
  • [0d4b538175] - crypto: use SSL_CTX_clear_extra_chain_certs. (Adam Langley) #4919
  • [abb0f6cd53] - crypto: fix build when OCSP-stapling not provided (Adam Langley) #4914
  • [755619c554] - crypto: use a const SSL_CIPHER (Adam Langley) #4913
  • [cbf36de8f1] - deps: upgrade npm to 3.6.0 (Rebecca Turner) #4958
  • [dd97d07a0d] - deps: backport 8d00c2c from v8 upstream (Gibson Fahnestock) #5024
  • [b75263094b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836
  • [b312b7914f] - deps: upgrade openssl sources to 1.0.2f (Myles Borins) #4961
  • [fa0457ed04] - dns: throw a TypeError in lookupService with invalid port (Evan Lucas) #4839
  • [6f58bc578a] - doc: console is asynchronous unless it's a file (Ben Noordhuis) #5133
  • [3b960af47a] - doc: fix typo in dgram doc (Rich Trott) #5114
  • [6363264fa9] - doc: fix links order in Buffer doc (Alexander Makarenko) #5076
  • [28b392854c] - doc: add CTC meeting minutes 2016-01-20 (Rod Vagg) #4904
  • [e325ece23e] - doc: minor improvement in OS docs (Alexander Makarenko) #5006
  • [9e4f94bf2b] - doc: add CTC meeting minutes 2016-01-27 (Rod Vagg) #5057
  • [1e2108a6b7] - doc: fix links in Addons docs (Alexander Makarenko) #5072
  • [e5134b1701] - doc: fix inconsistent styling (Brian White) #4996
  • [dde160378e] - doc: fix link in cluster documentation (Timothy Gu) #5068
  • [e5254c12f4] - doc: fix reference to API hash.final (Minwoo Jung) #5050
  • [87fd9968a8] - doc: clarify optional arguments of Buffer methods (Michaël Zasso) #5008
  • [9908eced24] - doc: uppercase 'RSA-SHA256' in crypto.markdown (Rainer Oviir) #5044
  • [bf0383bbea] - doc: apply consistent styling for functions (Rich Trott) #4974
  • [8c7f4bab2d] - doc: multiple improvements in Stream docs (Alexander Makarenko) #5009
  • [ee013715b9] - doc: improve styling consistency in VM docs (Alexander Makarenko) #5005
  • [9824b0d132] - doc: fix anchor links from stream to http and events (piepmatz) #5007
  • [2c85f79569] - doc: minor improvement to HTTPS doc (Alexander Makarenko) #5002
  • [9cf1370017] - doc: improve styling consistency in Buffer docs (Alexander Makarenko) #5001
  • [2750cb0613] - doc: consistent styling for functions in TLS docs (Alexander Makarenko) #5000
  • [4758bf13a5] - doc: update npm LICENSE using license-builder.sh (Rebecca Turner) #4958
  • [3b08b5d22c] - doc: fix minor typo in process doc (Prayag Verma) #5018
  • [129977c9c7] - doc: fix typo in Readme.md (Prayag Verma) #5017
  • [5de3dc557f] - doc: fix notDeepEqual API (Minwoo Jung) #4971
  • [d47dadcc1f] - doc: make buffer methods styles consistent (Timothy Gu) #4873
  • [17888b122c] - doc: fix JSON generation for aliased methods (Timothy Gu) #4871
  • [396e4b9199] - doc: add more details to process.env (Evan Lucas) #4924
  • [bc11bf4659] - doc: don't use "interface" as a variable name (ChALkeR) #4900
  • [bcf55d2f44] - doc: spell writable consistently (Peter Lyons) #4954
  • [4a6d0ac436] - doc: update eol handling in readline (Kári Tristan Helgason) #4927
  • [e65d3638c0] - doc: replace function expressions with arrows (Benjamin Gruenbaum) #4832
  • [423a58d66f] - doc: show links consistently in deprecations (Sakthipriyan Vairamani) #4907
  • [fd87659139] - doc: add docs working group (Bryan English) #4244
  • [19ed619cff] - doc: remove unnecessary bind(this) (Dmitriy Lazarev) #4797
  • [5129930786] - doc: keep the names in sorted order (Sakthipriyan Vairamani) #4876
  • [3c46c10d54] - doc: fix nonsensical grammar in Buffer::write (Jimb Esser) #4863
  • [a1af6fc1a7] - doc: add servername parameter docs (Alexander Makarenko) #4729
  • [f4eeba8467] - doc: fix code type of markdowns (Jackson Tian) #4858
  • [fa1d453359] - doc: check for errors in 'listen' event (Benjamin Gruenbaum) #4834
  • [f462320f74] - doc: undo move http.IncomingMessage.statusMessage (Jeff Harris) #4822
  • [711245e5ac] - doc: style fixes for the TOC (Roman Reiss) #4748
  • [611c2f6fdf] - doc: proper markdown escaping -> __, *, _ (Robert Jefe Lindstaedt) #4805
  • [5a860d9cb7] - doc: Examples work when data exceeds buffer size (Glen Arrowsmith) #4811
  • [71ba14de86] - doc: update list of personal traits in CoC (Kat Marchán) #4801
  • [97eedfc57a] - doc: harmonize $ node command line notation (Robert Jefe Lindstaedt) #4806
  • [2dde0f08c9] - doc: add buf.indexOf encoding param with example (Karl Skomski) #3373
  • [66c74548de] - doc: fenced all code blocks, typo fixes (Robert Jefe Lindstaedt) #4733
  • [54e8845b5e] - fs: refactor redeclared variables (Rich Trott) #4959
  • [fa940cf9bc] - fs: remove unused branches (Benjamin Gruenbaum) #4795
  • [9b03af254a] - http: remove reference to onParserExecute (Tom Atkinson) #4773
  • [101de9de3f] - https: evict cached sessions on error (Fedor Indutny) #4982
  • [55030922e5] - lib: scope loop variables (Rich Trott) #4965
  • [725ad5b1ce] - lib: remove string_decoder.js var redeclarations (Rich Trott) #4978
  • [c09eb44a59] - module: refactor redeclared variable (Rich Trott) #4962
  • [612ce66c78] - net: refactor redeclared variables (Rich Trott) #4963
  • [c9b05dafe0] - net: move isLegalPort to internal/net (Evan Lucas) #4882
  • [1b49dfbe78] - node_contextify: do not incept debug context (Myles Borins) #4815
  • [f8269fe365] - querystring: check that maxKeys is finite (Myles Borins) #5066
  • [5a10fe932c] - querystring: use String.prototype.split's limit (Manuel Valls) #2288
  • [2844cc03dc] - repl: remove variable redeclaration (Rich Trott) #4977
  • [853d73bb50] - src: clean up usage of proto (Jackson Tian) #5069
  • [e93b024214] - src: remove no longer relevant comments (Chris911) #4843
  • [a2c257a3ef] - src: fix negative values in process.hrtime() (Ben Noordhuis) #4757
  • [ee8d4bb075] - stream: prevent object map change in TransformState (Evan Lucas) #5032
  • [c8b6de244e] - stream: refactor redeclared variables (Rich Trott) #4816
  • [fc3c32b582] - test: fix flaky test-dgram-pingpong (Rich Trott) #5125
  • [3effca6076] - test: mark flaky tests on Raspberry Pi (Rich Trott) #5082
  • [09917c99d8] - test: fix net-socket-timeout-unref flakiness (Santiago Gimeno) #4772
  • [83da19aa48] - test: fix redeclared test-event-emitter-* vars (Rich Trott) #4985
  • [87b27c913d] - test: fix redeclared test-intl var (Rich Trott) #4988
  • [e98772d68e] - test: remove redeclared var in test-domain (Rich Trott) #4984
  • [443d0463ca] - test: add common.platformTimeout() to dgram test (Rich Trott) #4938
  • [90219c3398] - test: fix flaky cluster test on Windows 10 (Rich Trott) #4934
  • [3488fa81b5] - test: fix variable redeclarations (Rich Trott) #4992
  • [7dc0905d4d] - test: fix redeclared test-util-* vars (Rich Trott) #4994
  • [53e7d605c9] - test: fix redeclared vars in sequential tests (Rich Trott) #4999
  • [a62ace9f7e] - test: fix tls-no-rsa-key flakiness (Santiago Gimeno) #4043
  • [9b8f025816] - test: fix redeclared vars in test-url (Rich Trott) #4993
  • [51fb8845d5] - test: fix redeclared test-path vars (Rich Trott) #4991
  • [b16b360ae8] - test: fix var redeclarations in test-os (Rich Trott) #4990
  • [d6199773e8] - test: fix test-net-* variable redeclarations (Rich Trott) #4989
  • [9dd5b3e01b] - test: fix redeclared test-http-* vars (Rich Trott) #4987
  • [835bf13c1d] - test: fix var redeclarations in test-fs-* (Rich Trott) #4986
  • [71d7a4457d] - test: fix redeclared vars in test-vm-* (Rich Trott) #4997
  • [38459402a5] - test: fix inconsistent styling in test-url (Brian White) #5014
  • [4934798c0d] - test: pummel test fixes (Rich Trott) #4998
  • [3970504298] - test: remove var redeclarations in test-crypto-* (Rich Trott) #4981
  • [a2881e2187] - test: remove test-cluster-* var redeclarations (Rich Trott) #4980
  • [c3d93299c2] - test: fix test-http-extra-response flakiness (Santiago Gimeno) #4979
  • [0384a43885] - test: Add assertion for TLS peer certificate fingerprint (Alan Cohen) #4923
  • [48a353fe41] - test: scope redeclared vars in test-child-process* (Rich Trott) #4944
  • [89d1149467] - test: fix test-tls-zero-clear-in flakiness (Santiago Gimeno) #4888
  • [f7ed47341a] - test: remove Object.observe from tests (Vladimir Kurchatkin) #4769
  • [d95e53dc3b] - test: refactor switch (Rich Trott) #4870
  • [7f1e3e929a] - test: remove race condition in http flood test (Rich Trott) #4793
  • [6539c64e67] - test: scope redeclared variable (Rich Trott) #4854
  • [62fb941557] - test: fix irregular whitespace issue (Roman Reiss) #4864
  • [3b225209f0] - test: fs.link() test runs on same device (Drew Folta) #4861
  • [1860eae110] - test: refactor test-net-settimeout (Rich Trott) #4799
  • [ae9a8cd053] - test: mark test-tick-processor flaky (Rich Trott) #4809
  • [57cea9e421] - test: remove test-http-exit-delay (Rich Trott) #4786
  • [2119c76d5a] - test: refactor test-fs-watch (Rich Trott) #4776
  • [e487b72459] - test: move cluster tests to parallel (Rich Trott) #4774
  • [8c694a658c] - test: improve test-cluster-disconnect-suicide-race (Rich Trott) #4739
  • [14f5bb7a99] - test,buffer: refactor redeclarations (Rich Trott) #4893
  • [62479e3406] - tls: scope loop vars with let (Rich Trott) #4853
  • [d6fbd81a7a] - tls_wrap: reach error reporting for UV_EPROTO (Fedor Indutny) #4885
  • [f513e66075] - tools: lint for empty character classes in regex (Rich Trott) #5115
  • [e05bb409a6] - tools: lint for spacing around unary operators (Rich Trott) #5063
  • [7fa5959c59] - tools: fix redeclared vars in doc/json.js (Rich Trott) #5047
  • [e95fd6ae70] - tools: apply linting to doc tools (Rich Trott) #4973
  • [777ed82162] - tools: fix detecting constructor for JSON doc (Timothy Gu) #4966
  • [5d55f59c85] - tools: add property types in JSON documentation (Timothy Gu) #4884
  • [fd5c56698e] - tools: add support for subkeys in release tools (Myles Borins) #4807
  • [34df6a5c0c] - tools: enable assorted ESLint error rules (Roman Reiss) #4864
  • [386ad7e0b5] - tools: fix setting path containing an ampersand (Brian White) #4804
  • [e415eb27e5] - url: change scoping of variables with let (Kári Tristan Helgason) #4867
  • [b2c8b7f6d3] - internal/child_process: call postSend on error (Fedor Indutny) #4752
  • [5a77c095a6] - Event emitters support symbols as event names. The process object (cjihrig) #4798

Changes (apparently) available for v5.6.0. Note that some of these are semver-patch but build on semver-minor changes so I've left them out so out-of-order cherry-picking doesn't leave us in an inconsistent state. #4337 was also left out because there's a remote possibility it could break for some users, but it's considered a fix rather than semver-major, see discussion there.

  • [34f39670cf] - tools: enable no-redeclare rule for linter (Rich Trott) #5047
  • [c41c09375b] - (SEMVER-MINOR) doc: correct tlsSocket.getCipher() description (Brian White) #4995
  • [2c357a7e3b] - (SEMVER-MINOR) tls: add getProtocol() to TLS sockets (Brian White) #4995
  • [924cc6c633] - src: upgrade to new v8::Private api (Ben Noordhuis) #5045
  • [1800bf4142] - dgram: scope redeclared variables (Rich Trott) #4940
  • [b4ece1b7ec] - contextify: use offset/length from Uint8Array (Fedor Indutny) #4947
  • [137f53c7b7] - (SEMVER-MINOR) dgram: support dgram.send with multiple buffers (Matteo Collina) #4374
  • [efd33a2a9a] - test: update arrow function style (cjihrig) #4813
  • [452928eb24] - tools: add arrow function rules to eslint (cjihrig) #4813
  • [c3bb4b1aa5] - (SEMVER-MINOR) child_process: add shell option to spawn() (cjihrig) #4598
  • [96934cbb30] - (SEMVER-MINOR) vm: introduce cachedData/produceCachedData (Fedor Indutny) #4777
  • [54cd2e1e5e] - (SEMVER-MINOR) buffer: properly retrieve binary length of needle (Trevor Norris) #4803
  • [7240ad4441] - (SEMVER-MINOR) buffer: allow encoding param to collapse (Trevor Norris) #4803
  • [5ef9989bd6] - (SEMVER-MINOR) net: add net.listening boolean property over a getter (José Moreira) #4743
  • [32ac3769f5] - http: do not emit upgrade on advertisement (Fedor Indutny) #4337

CI for this: https://ci.nodejs.org/job/node-test-commit/2148/ (green on all but arm where it's yellow)

Merge request reports